values.yaml
# Default values for tyk-mdcb-data-plane.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# nameOverride overrides the chart name. The value is truncated to 63 characters
# (presumably the Kubernetes DNS label limit - confirm against the chart helpers).
nameOverride: ""
# fullnameOverride overrides the app name. The value is truncated to 63 characters.
fullnameOverride: ""
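# Values shared by the umbrella chart and its sub-charts.
global:
  components:
    # Determines whether the pump component should be installed.
    pump: true

  servicePorts:
    # The port at which the gateway service can be found.
    gateway: 8080

  remoteControlPlane:
    # useSecretName can be used if you don't want to store plaintext values for remote control plane
    # configurations in the Helm value file and would rather provide the k8s Secret externally.
    # You should set the following fields in the secret:
    # - orgId - Sets slave_options.rpc_key of Tyk Gateway
    # - userApiKey - Sets slave_options.api_key of Tyk Gateway
    # - groupID - Sets slave_options.group_id of Tyk Gateway
    # SECURITY: prefer this over the inline orgId / userApiKey fields below. Values set inline are
    # kept in plaintext in the values file and in the release data Helm stores in the cluster.
    useSecretName: ""

    enabled: true

    # Connection string used to connect to an MDCB deployment. For Tyk Cloud users, you can get it
    # from Tyk Cloud Console and retrieve the MDCB connection string.
    connectionString: ""

    # orgID of your dashboard user
    orgId: ""

    # API key of your dashboard user (a credential; see useSecretName above)
    userApiKey: ""

    # ID to identify this gateway cluster - API events will only work if this is set
    groupID: ""

    # enable/disable ssl
    useSSL: true

    # Disables SSL certificate verification.
    # SECURITY: with the shipped default (true) the gateway encrypts the link to the control plane
    # but does not authenticate the peer, so the credentials above can be presented to an impostor
    # on the network path. Set this to false for any non-test deployment; if the control plane uses
    # a private CA, mount that CA through tyk-gateway.gateway.extraVolumes / extraVolumeMounts.
    sslInsecureSkipVerify: true

  tls:
    # When true, sets the gateway protocol to HTTPS.
    # NOTE: the default (false) serves the gateway over plain HTTP.
    gateway: false

  secrets:
    # APISecret sets node_secret and secret in tyk.conf
    # SECURITY: CHANGEME is a placeholder that anyone who has read this chart knows. Replace it with
    # a long random value for every installation, or keep it out of the values file altogether and
    # supply it through useSecretName below.
    APISecret: CHANGEME

    # useSecretName can be used if you don't want to store plaintext secrets in the Helm value file
    # and would rather provide the k8s Secret externally.
    # You can set the following fields in the secret:
    # - APISecret - Sets node_secret and secret in tyk.conf
    useSecretName: ""

  redis:
    # The addrs value will allow you to set your Redis addresses.
    #
    # If you are using Redis (e.g. Bitnami Redis at bitnami/redis) then enter single
    # endpoint. If using sentinel connection mode for Redis, please update the port number
    # (typically 26379).
    #
    # If using a Redis Cluster (e.g. bitnami/redis-cluster), you can list
    # the endpoints of the redis instances or use the cluster configuration endpoint.
    #
    # Default value: redis.{{ .Release.Namespace }}.svc.cluster.local:6379
    # addrs:
    #   - tyk-redis-master.tyk.svc.cluster.local:6379
    #   Example using tyk simple redis chart
    #   - redis.tyk.svc.cluster.local:6379
    #   Example using bitnami/redis
    #   - tyk-redis-master.tyk.svc.cluster.local:6379
    #   Example using bitnami/redis with sentinel
    #   - tyk-redis.tyk.svc.cluster.local:26379
    #   Example using bitnami/redis-cluster
    #   - tyk-redis-redis-cluster.tyk.svc.cluster.local:6379

    # Redis password
    # If you're using Bitnami Redis chart (e.g. bitnami/redis) please input
    # your password in the field below.
    # SECURITY: a password set here is stored in plaintext with the values; passSecret below
    # avoids that.
    pass: ""

    # Redis password can also be provided via a secret. Provide the name of the secret and key below.
    # passSecret:
    #   name: ""
    #   keyName: ""

    # Enables SSL for Redis connection. Redis instance will have to support that.
    # Default value: false
    # NOTE: with the default, Redis traffic (including the password) is not encrypted in transit.
    # useSSL: true

    # If using "Redis Cluster" set enableCluster to true
    # (e.g. if using bitnami/redis-cluster)
    # enableCluster: true

    # Enables sentinel connection mode for Redis. If enabled, provide both
    # mandatory values for sentinelPass and masterName.
    # enableSentinel: false

    # Redis sentinel password, only required while enableSentinel is true.
    # For bitnami/redis the same password as Redis above
    # sentinelPass: ""

    # Redis sentinel master name, only required while enableSentinel is true.
    # For bitnami/redis typically redis-master
    # masterName: ""

    # By default, the database index is 0. Setting the database index is not
    # supported with redis cluster. As such, if you have enableCluster: true,
    # then this value should be omitted or explicitly set to 0.
    storage:
      database: 0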
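tyk-gateway:
  ## Default values for tyk-gateway chart.
  ## This is a YAML-formatted file.
  ## Declare variables to be passed into your templates.
  ## See Tyk Helm documentation for installation details:
  ## https://tyk.io/docs/tyk-oss/ce-helm-chart/
  ## Registry for all Tyk images - https://hub.docker.com/u/tykio

  # nameOverride overrides the Chart name. It is truncated to 63 characters.
  # Default value: tyk-gateway.name
  nameOverride: ""

  # fullnameOverride overrides App name. It is truncated to 63 characters.
  # Default value: tyk-gateway.fullname
  fullnameOverride: ""

  gateway:
    # The hostname to bind the Gateway to.
    hostName: tyk-gw.local

    tls:
      # When true, it will install the certificate present in the templates folder, set to false
      # when using a custom TLS certificate to avoid overwriting yours.
      # SECURITY: a certificate that ships inside a published chart is shared by every installation
      # (and presumably its private key ships with it - confirm in the templates folder), so it
      # gives no real server authentication. When global.tls.gateway is enabled outside a test
      # setup, set this to false and point secretName at a Secret holding your own certificate.
      useDefaultTykCertificate: true
      # The name of the secret which should contain the TLS certificate you want to use with the
      # gateway deployment
      secretName: tyk-default-tls-secret

    # kind is type of k8s object to be created for gateway.
    kind: Deployment

    # podAnnotations is annotations to be added to Tyk Gateway pod.
    # It takes key-value pairs.
    # There are no required annotation field for Tyk Gateway.
    #
    # podAnnotations:
    #   yourkey: value
    #   image: yourhub
    podAnnotations: {}

    # replicaCount specifies number of replicas to be created if kind is Deployment.
    replicaCount: 1

    image:
      # image repository for Tyk Gateway
      repository: tykio/tyk-gateway
      # image tag for Tyk Gateway
      tag: v5.1.0
      # image pull policy for Tyk Gateway
      pullPolicy: IfNotPresent

    # image pull secrets to use when pulling images from repository
    imagePullSecrets: []

    # The port which will be exposed on the container for tyk-gateway
    containerPort: 8080

    # By default, APIs, policies, and middleware are stored on a volume mount,
    # set to true to instead store them in the container's filesystem
    # (policies will be stored in a single json file)
    disableInitContainer: false

    service:
      # type of service
      # NOTE: NodePort opens the gateway port on every node of the cluster; use ClusterIP behind an
      # ingress, or a LoadBalancer, if that exposure is not intended.
      type: NodePort
      # external traffic policy of the service. Set it only if you are using LoadBalancer service type
      externalTrafficPolicy: Local
      # annotations for service
      annotations: {}

    control:
      # If enabled, exposes control port of the gateway
      enabled: false
      # control port of gateway
      containerPort: 9696
      # port number for control port service
      port: 9696
      # service type for control port service
      type: ClusterIP
      # annotations for control port service
      annotations: {}

    # Creates an ingress object in k8s. Will require an ingress-controller and
    # annotation to that ingress controller.
    ingress:
      # if enabled, creates an ingress resource for the gateway
      enabled: false
      # specify ingress controller class name
      className: ""
      # annotations for ingress
      annotations: {}
      # ingress rules
      hosts:
        - host: chart-example.local
          paths:
            - path: /
              pathType: ImplementationSpecific
      # tls configuration for ingress
      # - secretName: chart-example-tls
      #   hosts:
      #     - chart-example.local
      tls: []

    # We usually recommend not to specify default resources and to leave this
    # as a conscious choice for the user. This also increases chances charts
    # run on environments with little resources, such as Minikube. If you do
    # want to specify resources, uncomment the following lines, adjust them
    # as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
    resources: {}

    # securityContext values for gateway pod
    securityContext:
      runAsUser: 1000
      fsGroup: 2000

    # containerSecurityContext values for gateway container
    containerSecurityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          # Written in upper case: the Pod Security "restricted" profile looks for the literal ALL.
          - ALL

    # node labels for gateway pod assignment
    nodeSelector: {}

    # tolerations for gateway pod assignment
    # NOTE: this default toleration lets gateway pods be scheduled on nodes carrying the
    # node-role.kubernetes.io/master NoSchedule taint; remove it if the gateway should stay off them.
    tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

    # affinity for gateway pod assignment
    affinity: {}

    # extraEnvs is used to set gateway env variables
    # SECURITY: the example below switches off TLS certificate verification in the gateway. Treat it
    # as a test-only setting; mounting the issuing CA (see extraVolumes) keeps verification on.
    # - name: TYK_GW_HTTPSERVEROPTIONS_SSLINSECURESKIPVERIFY
    #   value: "true"

    # Sharding gateway allows you to selectively load APIs to specific gateways.
    # If enabled make sure you have at least one gateway that is not sharded.
    # Also be sure to match API segmentation tags with the tags selected below.
    sharding:
      enabled: false
      tags: ""

    # analyticsEnabled property is used to enable or disable analytics.
    analyticsEnabled: "true"

    # used to decide whether to send the results back directly to Tyk without a hybrid pump
    # if you want to send analytics to control plane instead of pump, change value to "rpc"
    analyticsConfigType: ""

    ## extraVolumes is a list of volumes to be added to the pod
    ## extraVolumes:
    ##   - name: ca-certs
    ##     secret:
    ##       defaultMode: 420
    ##       secretName: ca-certs
    extraVolumes: []

    ## extraVolumeMounts is a list of volume mounts to be added to the pod
    ## extraVolumeMounts:
    ##   - name: ca-certs
    ##     mountPath: /etc/ssl/certs/ca-certs.crt
    ##     readOnly: true
    extraVolumeMounts: []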
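tyk-pump:
  ## Default values for tyk-pump chart.
  ## This is a YAML-formatted file.
  ## Declare variables to be passed into your templates.
  ## See Tyk Helm documentation for installation details:
  ## https://tyk.io/docs/tyk-oss/ce-helm-chart/
  ## Registry for all Tyk images - https://hub.docker.com/u/tykio

  # Overrides chart name. It is truncated to 63 characters.
  # Default value: tyk-pump.name
  nameOverride: ""

  # Overrides app name. It is truncated to 63 characters.
  # Default value: tyk-pump.fullname
  fullnameOverride: ""

  # If pump is enabled the Gateway will create and collect analytics data to send
  # to a data store of your choice. These can be set up in the pump config. The
  # possible pump configs can be found here:
  # https://github.com/TykTechnologies/tyk-pump#configuration
  pump:
    # number for replicas for pump deployment
    replicaCount: 1

    # podAnnotations is annotations to be added to Tyk Pump pod.
    # It takes key-value pairs.
    # There are no required annotation field for Tyk Pump.
    #
    # podAnnotations:
    #   yourkey: value
    #   image: yourhub
    podAnnotations: {}

    image:
      # image repository for Tyk pump
      repository: docker.tyk.io/tyk-pump/tyk-pump
      # tag for Tyk pump
      tag: v1.8.1
      # image pull policy
      pullPolicy: IfNotPresent

    # image pull secrets to use when pulling images from repository
    imagePullSecrets: []

    service:
      # Tyk Pump svc is disabled by default. Set it to true to enable it.
      enabled: false
      # type specifies type of the service.
      # NOTE: once the service is enabled, NodePort publishes the metrics port on every node.
      # Whether the endpoint requires authentication is not shown in this file, so prefer ClusterIP
      # unless node-level exposure is intended.
      type: NodePort
      # port specifies the port exposed by the service.
      port: 9090
      # externalTrafficPolicy denotes if this Service desires to route external traffic to
      # node-local or cluster-wide endpoints, while using LoadBalancer type of service.
      externalTrafficPolicy: Local
      # annotations specifies annotations to be added Tyk Pump service.
      annotations: {}

    # containerPort represents the port where Tyk Pump serve the metrics, for instance metrics
    # for Prometheus.
    # The default port is 9090.
    containerPort: 9090

    # backend defines the pumps to be created by default, as an array of string.
    # Supported backends are ["mongo", "postgres", "prometheus","hybrid"]
    # If you would like to use other backends such as ElasticSearch, please
    # configure the backend via environment variables.
    backend:
      - "prometheus"
      - "hybrid"

    # uptimePumpBackend configures uptime Tyk Pump. ["", "mongo", "postgres"].
    # Set it to "" for disabling uptime Tyk Pump. By default, uptime pump is disabled.
    uptimePumpBackend: ""

    # hybridPump configures Tyk Pump to forward Tyk metrics to a Tyk Control Plane.
    # Please add "hybrid" to .Values.pump.backend in order to enable Hybrid Pump.
    hybridPump:
      # Specify the frequency of the aggregation in minutes or simply turn it on by setting it to true
      enableAggregateAnalytics: true
      # Hybrid pump RPC calls timeout in seconds. If not specified, default value will be picked up
      # by Tyk Pump.
      callTimeout: 10
      # Hybrid pump connection pool size. If not specified, default value will be picked up by
      # Tyk Pump.
      poolSize: 5

    # prometheusPump configures Tyk Pump to expose Prometheus metrics.
    # Please add "prometheus" to .Values.pump.backend in order to enable Prometheus Pump.
    # The container port where Tyk Pump serves the metrics to Prometheus can be configured
    # via .pump.containerPort field.
    prometheusPump:
      # host represents the host without port, where Tyk Pump serve the metrics for Prometheus.
      host: ""
      # path represents the path to the Prometheus collection. For example /metrics.
      path: /metrics
      # customMetrics allows defining custom Prometheus metrics for Tyk Pump.
      # It accepts a string that represents a JSON object. For instance,
      #
      # customMetrics: '[{"name":"tyk_http_requests_total","description":"Total of API requests","metric_type":"counter","labels":["response_code","api_name","method","api_key","alias","path"]}, { "name":"tyk_http_latency", "description":"Latency of API requests", "metric_type":"histogram", "labels":["type","response_code","api_name","method","api_key","alias","path"] }]'
      customMetrics: ""
      # If you are using prometheus Operator, set the fields in the section below.
      prometheusOperator:
        # enabled determines whether the Prometheus Operator is in use or not. By default,
        # it is disabled.
        # Tyk Pump can be monitored with PodMonitor Custom Resource of Prometheus Operator.
        # If enabled, PodMonitor resource is created based on
        # .Values.pump.prometheusPump.prometheusOperator.podMonitorSelector for Tyk Pump.
        enabled: false
        # podMonitorSelector represents a podMonitorSelector of your Prometheus resource. So that
        # your Prometheus resource can select PodMonitor objects based on selector defined here.
        # Please set this field to the podMonitorSelector field of your monitoring.coreos.com/v1
        # Prometheus resource's spec.
        #
        # You can check the podMonitorSelector via:
        #   kubectl describe prometheuses.monitoring.coreos.com <PROMETHEUS_POD>
        podMonitorSelector:
          release: prometheus-stack

    # We usually recommend not to specify default resources and to leave this
    # as a conscious choice for the user. This also increases chances charts
    # run on environments with little resources, such as Minikube. If you do
    # want to specify resources, uncomment the following lines, adjust them
    # as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
    resources: {}

    # securityContext values for pump pod
    securityContext:
      runAsUser: 1000
      fsGroup: 2000

    # containerSecurityContext values for pump container
    containerSecurityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          # Written in upper case: the Pod Security "restricted" profile looks for the literal ALL.
          - ALL

    # node labels for pump pod assignment
    nodeSelector: {}

    # tolerations for pump pod assignment
    tolerations: []

    # affinity for pump pod assignment
    affinity: {}

    # extraEnvs is used to set environment variables in pump container
    # (env values must be strings, so numbers are quoted)
    # - name: TYK_PMP_PURGEDELAY
    #   value: "30"
    extraEnvs: []

    ## extraVolumes is a list of volumes to be added to the pod
    ## extraVolumes:
    ##   - name: ca-certs
    ##     secret:
    ##       defaultMode: 420
    ##       secretName: ca-certs
    extraVolumes: []

    ## extraVolumeMounts is a list of volume mounts to be added to the pod
    ## extraVolumeMounts:
    ##   - name: ca-certs
    ##     mountPath: /etc/ssl/certs/ca-certs.crt
    ##     readOnly: true
    extraVolumeMounts: []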